Small Businesses Now Bigger Targets In Cyberattacks

Half of all targeted attacks last year hit companies with less than 2,500 employees, and overall, targeted cyberattacks jumped 42 percent in 2012, new Symantec data shows

It's not just the big boys who the bad guys are hacking anymore: Smaller, more vulnerable, and defenseless organizations are now one of the most popular targets, newly published data shows. As targeted cyberattacks increased by 42 percent last year, nearly one-third of all of these attacks were aimed at businesses with less than 250 people.

"Smaller businesses presume they are not a target. But we think attackers [are targeting] them because they have weaker security settings and are probably easier to penetrate. Plus they do work with larger organizations ... and attackers can use small companies as a stepping stone to larger ones or as an entry point into getting the information they want," says Vikram Thakur, principal security response manager for Symantec, which today released these latest findings as part of its 2013 Internet Security Threat Report. "They need to expect that."

In some cases, the smaller firm may be a supplier of key elements of a larger firm's intellectual property, too, which also makes it a juicy target, he says. Attackers also infiltrate smaller, easier-to-hack businesses in hopes that they will ultimately lead to bigger, more lucrative firms, he says. "One theory is they stay under the radar in smaller firms in hopes the smaller ones will be acquired by a larger company and then their networks will merge, and they'll have an existing foothold," Thakur says. "Another theory is that if they get in smaller companies, they can then use" its tunnel to a larger business partner's network, he says.

Last year, 50 percent of all targeted attacks hit businesses with less than 2,500 employees, and businesses with less than 250 employees accounted for 31 percent of all targeted attacks and represented the biggest growth sector in these attacks, according to Symantec's report.

Symantec tallied an average of 116 targeted attacks each day around the world in 2012. Why the jump in targeted attacks? Thakur says that the 42 percent jump may, in part, have to do with the flood of waterholing-type attacks, where attackers infect legitimate websites that users of the targeted organizations would most likely frequent in hopes of infecting them. This can be more efficient than the traditional spearphish in terms of volume of infections: One waterhole attack by the so-called Elderwood Group last year spread malware to 500 different organizations in 24 hours via a human rights organization's website, for instance, Symantec says.

Jaime Blasco, labs manager at Alien Vault Labs, says part of the reason for the increase in targeted attack reports is that organizations are getting better at detecting that they are getting hacked. "I think the main reason is that most of the antivirus companies have more visibility about what is and what is not targeted," Blasco says. "I'm not saying that the number of targeted attacks hasn't increased, but it is true that companies, especially the small and [midsize] ones, are improving their detection capabilities."

The most-hit vertical industry in 2012 was manufacturing, with 34 percent of the targeted attacks, up from 15 percent in 2011. "This is the first year that government was not on top of the vertical list," Symantec's Thakur says.

Government and public sector organizations went from 25 percent of the targeted attacks in 2011 to 12 percent last year. Symantec says these shifts may be due to attackers moving "down the supply" chain in their attacks.

Meanwhile, the number of new vulnerabilities discovered in 2012 increased slightly from 4,989 in 2011 to 5,291 last year -- 425 of which were in mobile operating systems. The number of new zero-day vulnerabilities used in attacks was 14, versus eight in 2011.

Web-based attacks jumped by 30 percent last year, and the number of phishing sites posing as social networking sites exploded by 125 percent as attackers set their sights on social networks. And while mobile malware has grown by 58 percent the past year, according to Symantec's Thakur, 32 percent of all mobile threats now steal information from victims. "Data loss is the biggest concern and so is privacy," he says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

The attitude that "it couldn't happen to me" has been a persistent problem in infosec. Repeated battering of large companies by attackers over the last decade has generally brought those organizations around. Looks like it's SMBs' turn now.

Published: 2015-03-03Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Published: 2015-03-03** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.